GDPR: What You Need to Know About the European Data Protection Policy

Due to a digital landscape that never stands still, there are new changes in global privacy law coming into effect May 25th. This change requires all Australian businesses to review their existing data policies and practices and upgrade them.

The impact of the European General Data Protection Regulation (GDPR) is far-reaching, and no business can afford to ignore the significant penalties in place for non-compliance.

Amongst other things, if you:

are a business that operates a website which tracks and monitors behaviour

have a blog where users fill out a form or enter a name and email address to comment

have a website with plugins installed that use cookies for tracking

are a business whose website mentions customers or users in the EU,

then you need to read on and implement some actions to avoid a hefty fine for failing to handle your users’ data appropriately.

We have provided you with an overview of the policy, how it impacts your business, the penalties involved and what you need to do to cover yourself.

What Is GDPR?

The GDPR is the culmination of four years of preparation and debate in Europe which has been designed to:

Harmonise data privacy laws across Europe

Protect and empower all EU citizens’ data privacy

Reshape the way organisations approach data privacy

The GDPR bears many similarities to the current Australian Privacy Act 1988, but some fundamental differences will impact Australian businesses.

One of the biggest differences is the expanded rights for EU individuals, including the ‘right to be forgotten’ and the ‘right to data portability’, giving them greater control over who uses their data and how it is used.

When Does GDPR Come Into Effect?

The GDPR was approved by the EU parliament in April 2016 and comes into effect on Friday, 25th May 2018.

Who Does The GDPR Affect?

The GDPR not only applies to any organisation located within the EU but also includes any Australian business that falls into one or more of these categories:

AU business with an office in the EU

AU business whose website enables EU customers to order goods and services in an EU language or enables them to pay in euros

AU business whose website mentions customers or users in the EU

AU business that monitors the behaviour of individuals and uses data processing to profile, analyse and predict personal attitudes or behaviours, e.g. Google Analytics or Re-Marketing tools

The last point is an interesting one. If your business operates a website with Google Analytics tracking, then you have an obligation to comply with the policy.

What Is The Penalty For Non-Compliance With GDPR?

The maximum fine organisations can receive for breaching GDPR is up to 4% of annual global turnover or 20 million euro, for offences such as not obtaining sufficient consent to process data.

There is a tiered approach to penalties; for example, an organisation can be fined 2% of annual global turnover for failing to notify the relevant bodies of a data breach.

How Can I Get My Business Ready For GDPR?

The topic of data protection is a hot one, and one that we believe will continue to develop in the short term. It may not take long for other countries, including Australia, to adopt a similar approach to the EU.
Therefore, Baker Marketing believes addressing GDPR compliance now will also serve you well in the future.

The first step is to identify how the GDPR applies to your business, and then action the recommendations below.

All businesses with a website using cookies:

Accept Google Analytics terms and conditions.

Set a time-frame for user data retention within Google Analytics. The default is 26 months, and Baker Marketing is recommending 14 months.

Review your Privacy Policy and update to ensure compliance with the Australian Privacy Act 1988 and the EU GDPR.

Implement an opt-in/opt-out mechanism so that consent to the use of cookies on your website is explicit. The consent has to be specific and freely given, meaning that a statement such as ‘If you continue to use this site you accept the use of cookies’ no longer complies. Users need to be given the option to accept or decline the use of cookies when browsing your website. For a WordPress website, there are plugins such as Cookiebot that will assist with compliance across cookie consent, cookie monitoring and cookie control.

Enable IP anonymisation in Google Analytics. This means that the full IP address of your website users is anonymised at the earliest possible stage and is not collected. The impact of this is that there will be some loss of accuracy in your Analytics location reporting.
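As an added example that is not Baker Marketing’s code, the script below ties the last two recommendations together: Google Analytics is loaded only after the visitor has explicitly accepted cookies (no consent, a decline, or an unreadable consent cookie all mean no tracking), and gtag.js is configured with anonymize_ip so the full IP address is never stored. The consent cookie name and the tracking ID are assumed placeholders.

```javascript
// Added example: consent-gated Google Analytics loader with IP anonymisation.
const CONSENT_COOKIE = 'cookie_consent';   // assumption: name of our own first-party consent cookie
const TRACKING_ID = 'UA-XXXXXXXX-Y';       // placeholder: replace with your real Analytics property ID

// Parse a document.cookie string into a name -> value map.
// Pairs without a name, or with an undecodable value, are skipped.
function parseCookies(cookieString) {
  const out = {};
  for (const part of (cookieString || '').split(';')) {
    const idx = part.indexOf('=');
    if (idx < 1) continue;
    let value = part.slice(idx + 1).trim();
    try { value = decodeURIComponent(value); } catch (_) { continue; }
    out[part.slice(0, idx).trim()] = value;
  }
  return out;
}

// Consent must be specific and freely given: only an explicit "accepted" counts.
// A missing cookie, "declined", or any other value is treated as no consent.
function hasAnalyticsConsent(cookieString) {
  return parseCookies(cookieString)[CONSENT_COOKIE] === 'accepted';
}

// gtag.js config applied when Analytics is loaded; anonymize_ip is the
// setting behind the "Enable IP anonymisation" recommendation above.
function analyticsConfig() {
  return { anonymize_ip: true };
}

// Store the visitor's choice in a first-party cookie for one year.
function recordConsent(doc, choice) {
  const value = choice === 'accepted' ? 'accepted' : 'declined';
  doc.cookie = `${CONSENT_COOKIE}=${value}; Max-Age=31536000; Path=/; SameSite=Lax; Secure`;
  return value;
}

// Inject gtag.js into `doc` only if consent is present. Returns true when loaded.
function loadAnalyticsIfConsented(doc, win) {
  if (!hasAnalyticsConsent(doc.cookie)) return false;     // default: no tracking
  win.dataLayer = win.dataLayer || [];
  win.gtag = win.gtag || function () { win.dataLayer.push(arguments); };
  win.gtag('js', new Date());
  win.gtag('config', TRACKING_ID, analyticsConfig());
  const script = doc.createElement('script');
  script.async = true;
  script.src = `https://www.googletagmanager.com/gtag/js?id=${TRACKING_ID}`;
  doc.head.appendChild(script);
  return true;
}
```

In a page, wire `recordConsent(document, 'accepted')` and `recordConsent(document, 'declined')` to the banner’s two buttons and call `loadAnalyticsIfConsented(document, window)` on load and again after an accept.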

This is a lot of information to take in!

We understand that there is a high level of complexity to the impending GDPR and Baker Marketing is here to help you cope with the changes. We can provide you with advice as well as assistance to implement the recommendations provided.

If you have any questions or would like to discuss this topic with one of our Marketing Consultants, please contact us today!

4 Comments

Interesting – what are the implications of Brexit for ‘AU business whose website enables EU customers to order goods and services in an EU language or enables them to pay in euros’?
I only sell in English (which will soon NOT be an EU language), and have people pay in AUD for online (downloadable) products…

Hi Lee-Anne,
Thank you for your comment; this topic, unfortunately, is not black and white! Even though your website is in English and payment is in AU dollars, there is still the potential for EU customers to come to your site and purchase. Therefore, if you are monitoring, tracking or collecting personal information from EU residents, we recommend that you consider taking the actions that we have outlined, particularly updating your policy and processes. I hope this helps. If you have any more questions, please comment here, or we are happy to get one of our team to call you to discuss further!
Thanks, Sarah (Baker Marketing)